CVE-2025-31995 - Vulnerability Details - OpenCVE

ReportizFlow

HCL Unica MaxAI Workbench is vulnerable to improper input validation. This allows attackers to exploit vulnerabilities such as SQL Injection, XSS, or command injection, leading to unauthorized access or data breaches, etc.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Hcltech	Maxai Workbench

No data.

No data.

References

Link	Providers
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124425

History

Tue, 21 Oct 2025 13:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Hcltech Hcltech maxai Workbench
Vendors & Products		Hcltech Hcltech maxai Workbench

Tue, 14 Oct 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 13 Oct 2025 05:15:00 +0000

Type	Values Removed	Values Added
Description		HCL Unica MaxAI Workbench is vulnerable to improper input validation. This allows attackers to exploit vulnerabilities such as SQL Injection, XSS, or command injection, leading to unauthorized access or data breaches, etc.
Title		HCL Unica MaxAI Workbench is vulnerable to improper input validation
Weaknesses		CWE-20
References		https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124425
Metrics		cvssV3_1 `{'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N'}`

MITRE

Status: PUBLISHED

Assigner: HCL

Published: 2025-10-13T04:58:20.465Z

Updated: 2025-10-14T19:36:39.714Z

Reserved: 2025-04-01T18:46:35.961Z

Link: CVE-2025-31995

Vulnrichment

Updated: 2025-10-14T19:36:36.307Z

NVD

Status : Awaiting Analysis

Published: 2025-10-13T05:15:50.970

Modified: 2025-10-14T19:36:59.730

Link: CVE-2025-31995

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-31995", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2025-04-01T18:46:35.961Z", "datePublished": "2025-10-13T04:58:20.465Z", "dateUpdated": "2025-10-14T19:36:39.714Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MaxAI Workbench", "vendor": "HCL Software", "versions": [{"status": "affected", "version": "v12.1.10 - v25.1"}]}], "datePublic": "2025-10-13T04:55:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "HCL Unica MaxAI Workbench is vulnerable to improper input validation. This allows attackers to exploit vulnerabilities such as SQL Injection, XSS, or command injection, leading to unauthorized access or data breaches, etc.<br>"}], "value": "HCL Unica MaxAI Workbench is vulnerable to improper input validation. This allows attackers to exploit vulnerabilities such as SQL Injection, XSS, or command injection, leading to unauthorized access or data breaches, etc."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2025-10-13T04:58:20.465Z"}, "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124425"}], "source": {"discovery": "UNKNOWN"}, "title": "HCL Unica MaxAI Workbench is vulnerable to improper input validation", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-14T19:35:20.568571Z", "id": "CVE-2025-31995", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-14T19:36:39.714Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "HCL Unica MaxAI Workbench is vulnerable to improper input validation", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "HCL Software", "product": "MaxAI Workbench", "versions": [{"status": "affected", "version": "v12.1.10 - v25.1"}], "defaultStatus": "unaffected"}], "datePublic": "2025-10-13T04:55:00.000Z", "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124425"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "HCL Unica MaxAI Workbench is vulnerable to improper input validation. This allows attackers to exploit vulnerabilities such as SQL Injection, XSS, or command injection, leading to unauthorized access or data breaches, etc.", "supportingMedia": [{"type": "text/html", "value": "HCL Unica MaxAI Workbench is vulnerable to improper input validation. This allows attackers to exploit vulnerabilities such as SQL Injection, XSS, or command injection, leading to unauthorized access or data breaches, etc.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2025-10-13T04:58:20.465Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-31995", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-14T19:35:20.568571Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2025-10-14T19:36:36.307Z"}}]}, "cveMetadata": {"cveId": "CVE-2025-31995", "state": "PUBLISHED", "dateUpdated": "2025-10-13T04:58:20.465Z", "dateReserved": "2025-04-01T18:46:35.961Z", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "datePublished": "2025-10-13T04:58:20.465Z", "assignerShortName": "HCL"}, "dataVersion": "5.1"}